From: Niche (jackyliu419@gmail.com)
Date: Mon Oct 24 2005 - 23:19:18 GMT-3
Hi there,
Thanks for the information =)
Too bad I don't have CCO access, but I surely will make note about it.
Cheers~
Jacky
On 10/25/05, Church, Chuck <cchurch@netcogov.com> wrote:
>
> Keep in mind that if the 12.3 or 12.4 release doesn't cover the app you're
> looking for, there may be a custom PDLM for it at:
> http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm
>
>
> Chuck Church
> Lead Design Engineer
> CCIE #8776, MCNE, MCSE
> Netco Government Services - Design & Implementation Team
> 1210 N. Parker Rd.
> Greenville, SC 29609
> Home office: 864-335-9473
> Cell: 864-266-3978
> cchurch@netcogov.com
> PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Niche
> Sent: Monday, October 24, 2005 8:33 PM
> To: Hictor Fernandez
> Cc: The Great Ryan; JP; Tim; ccielab@groupstudy.com
> Subject: Re: Question about NBAR.. not really related to CCIE lab
>
> Hi guys,
>
> Thanks for all the replies~
>
> I am going to diagging in more before I implement it but surely I will
> pick
> IOS 12.3 or 12.4 according to feed back from you guys.
>
> Thanks again!
>
> Jacky
>
> On 10/25/05, Hictor Fernandez <gnakh@telefonica.net> wrote:
> >
> > Hi all,
> >
> > if you want to monitor traffic of given protocols on non standard ports
> > you
> > have to tell the router:
> >
> > ip nbar port-map <protocol> <port>
> >
> >
>
>
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1835/products_confi
> guration_guide_chapter09186a00800c75d0.html
> >
> > AFAIK, if you want to monitor/identify p2p traffic, like kazaa or emule
> > you
> > have to add the PDLM for each protocol:
> > http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm
> >
> > Regards
> >
> > Hictor
> >
> > ----- Original Message -----
> > From: "The Great Ryan" <pv.ryan@gmail.com>
> > To: "JP" <jenseike@start.no>
> > Cc: "Tim" <ccie2be@nyc.rr.com>; "Niche" <jackyliu419@gmail.com>;
> > <ccielab@groupstudy.com>
> > Sent: Monday, October 24, 2005 2:27 PM
> > Subject: Re: Question about NBAR.. not really related to CCIE lab
> >
> >
> > > Yes. I encounter the same problem when I tried to monitor HTTP
> > > protocol under 12.2T version.
> > >
> > > When I use router as web server and its default port 80, everything
> > > can be monitored. It doesn't work when I can the web server port to
> > > 1025. Never get hits.
> > > I have checked that NBAR support stateful inspection on HTTP.
> > > Anyone get work in my case ?
> > >
> > > Link:
> > >
> >
> >
>
>
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t
> /121t5/dtnbar.htm#xtocid259510
> > >
> > >
> > >
> > > Ryan
> > >
> > > 2005/10/24, JP <jenseike@start.no>:
> > > > Hi all,
> > > >
> > > > NBAR for matching on filsharing protocols works very well from
> 12.3and
> > up.
> > > > With 12.2 NBAR has problem matching on those dynamic ports that are
> > used.
> > > > F.ex I tested kazaa 2 and 3 with 12.2T(15), and I did not have any
> > hits
> > on
> > > > the policy. Then I upgraded to 12.3, and it worked very well.
> > > >
> > > > So you should try to use this on a newer IOS, and I think you will
> be
> > happy.
> > > >
> > > > Jens P
> > > >
> > > > -----Opprinnelig melding-----
> > > > Fra: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Pe vegne
> av
> > Tim
> > > > Sendt: 24. oktober 2005 11:58
> > > > Til: 'Niche'; ccielab@groupstudy.com
> > > > Emne: RE: Question about NBAR.. not really related to CCIE lab
> > > >
> > > > Hi Jacky,
> > > >
> > > > NBAR does more than match static protocol and port assignments. For
> > > > example, when nbar is used to match ftp traffic, it can determine
> > which
> > port
> > > > is used for the dynamic data channel.
> > > >
> > > > I haven't used nbar to classify p2p file sharing programs so I can't
> > comment
> > > > on how well it works for that but I would expect it to work pretty
> > well.
> > > >
> > > > Tim
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of
> > > > Niche
> > > > Sent: Monday, October 24, 2005 3:40 AM
> > > > To: ccielab@groupstudy.com
> > > > Subject: Question about NBAR.. not really related to CCIE lab
> > > >
> > > > Hi guys,
> > > >
> > > > Is NBAR truely using layer-7 application pattern to classify traffic
> > for
> > > > bandwidth control, security blocking, etc?
> > > > Or it just use protocl type (tcp, udp) with port number still?
> > > >
> > > > We may need to consider to use it for controlling bandwidth usage to
> > p2p
> > > > file sharing traffic. So I am concerning about the effectiveness of
> > NBAR
> > to
> > > > this issue (e.g. users can modify the usual port number to a new one
> > of
> > the
> > > > application in order to avoid traditional port-number tracking
> > method).
> > > >
> > > > Cheers~
> > > > Jacky
> > > >
> > > >
> > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:52 GMT-3